check_tacacs_plus.pl [SEC=UNCLASSIFIED]

Stanley.Hopcroft at Dest.gov.au Stanley.Hopcroft at Dest.gov.au
Thu May 24 08:22:34 CEST 2007


Dear Folks,
 
> Message: 8
> Date: Tue, 22 May 2007 18:47:21 -0700
> From: Daniel Lacey <daniel_p_lacey at yahoo.com>
> Subject: Re: [Nagios-users] Any experience with check_tacacs_plus.pl

> 
> I don't know this platform, but....
> 
> A TACACS+ server's password database should be invisible to a TACACS
> client. The server's purpose is to authenticate in a way that makes
> such details irrelevant.
> 
> I would create a separate user for this with little to no 
> authorization... You just need to test the authentication server.
> The user and password will be stored somewhere in plain text so that
> the script using Authen::TACACSPlus will know how to connect to the
> server.
>


There are source RPMS for Authen::TACACSPlus so the overhead of
this Perl plugin is not too bad.

check_tacacs_plus works nicely with the Cisco Secure ACS after 

1 the ACS is configured to recognise the Nagios hosts (i.e. names +
addresses of all interfaces)

2 a user is created on the ACS that the plugin will use to check that
the user's password is validated.

A less attractive aspect of this plugin is that the TACACS+ secret key
needs to be known to the Nagios host. Having a separate (from
production) key seems like a good idea but since the plugin accepts
username and pw as options, they are visible to other users on the
Nagios host (unless you use ePN or hack the plugin).

I am grateful to the plugin's authors (P Farmer et al) for this. Nice
job.

Thank you,

Yours sincerely.


Classification: UNCLASSIFIED
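
Added example, not part of the original message or of the plugin's code: one way to keep the test user's name, password and the TACACS+ key off the command line is to have the check (or a wrapper around it) read them from a file that only the Nagios user can access. The key=value file format, the key names and the `load_credentials` helper are assumptions made for this example.

```python
import os
import stat

REQUIRED = ("username", "password", "secret")  # hypothetical key names


class CredentialFileError(Exception):
    """Raised when the credential file is unsafe or incomplete."""


def load_credentials(path):
    """Return a dict of credentials read from a private key=value file."""
    # Open first, then fstat the descriptor, so the checks apply to the
    # file actually read (no check-then-open race on the path).
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "r", encoding="utf-8") as fh:
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise CredentialFileError("not a regular file")
        if st.st_uid != os.geteuid():
            raise CredentialFileError("not owned by the user running the check")
        # Any group/other permission bit means other local users could
        # read the password or the TACACS+ key.
        if st.st_mode & 0o077:
            raise CredentialFileError(
                "mode %04o lets group/other access it; use 0600"
                % stat.S_IMODE(st.st_mode))
        creds = {}
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            key, sep, value = line.partition("=")
            if not sep:
                raise CredentialFileError("malformed line (expected key=value)")
            creds[key.strip()] = value.strip()
    missing = [k for k in REQUIRED if k not in creds]
    if missing:
        raise CredentialFileError("missing keys: " + ", ".join(missing))
    return creds
```
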
